Slashdot Mirror


TVA Security Lapses Could Endanger US Health, Economy

coondoggie links to a Network World story about myriad security flaws (described in a report from the Governmental Accountability Office) at all levels of the Tennessee Valley Authority, the country's largest public power utility, excerpting: "The Tennessee Valley Authority (TVA) is a federal corporation that generates power using 52 fossil, hydro and nuclear facilities in an area of about 80,000 square miles and has not fully implemented appropriate security practices to protect the control systems used to operate its critical infrastructures, the GAO concluded. TVA's corporate network infrastructure and its control systems networks and devices at individual facilities and plants reviewed were vulnerable to disruptions that could endanger a good portion of the country's economic security and public health and safety, the GAO said." The TVA is hardly alone, though, when it comes to governmental computer security. Reader bc90021 points out the Federal Government's newly released Computer Security Report Card (prepared for Congressman Tom Davis), which "breaks down the agencies and assigns them all a grade. There are plenty of Fs, not the least of which is for the newly reconnected Department of the Interior."

6 of 46 comments

  1. Um - why? by Gat0r30y · · Score: 4, Insightful
    It doesn't make any sense to me to allow any remote access to critical control systems like those described. Why would they want to use anything besides a local network?

    "On control systems networks, firewalls were bypassed or inadequately configured, passwords were not effectively implemented, logging of certain activity was limited, configuration management policies for control systems software were not consistently implemented, and servers and workstations lacked key patches and effective virus protection. In addition, physical security at multiple locations did not sufficiently protect critical control systems."

    OK, the physical protection is an issue, but people in charge of major control systems for power generation should be on site - there is no reason to connect these boxes to the wider internet - a local network should be completely sufficient for their needs.
    --
    Prediction: The real iPhone killer is going to be sex robots from Japan. Think about it.
    1. Re:Um - why? by StickyWidget · · Score: 4, Insightful
      Originally, all process networks were designed like that, completely islanded off and self sufficient. Nothing in, nothing out. And that was fine while the industry was for the most part regulated. There wasn't a need for a large amount of data to be shared, everybody did their own thing according to regulations.

      Problem with that method is that there was no incentive to make upgrades to infrastructure and systems under regulation. ZERO. Which has led to the situation we are in now: We have a first world nation with a third world electric power grid. Costs are rapidly rising, power demands are increasing (thank the internet for that), and the equipment is starting to get so old it can't be replaced anymore.

      So now, utilities are finally starting to look at ways of improving their business. This means more data needs to flow from the plant into other areas of the business. That data can be used to plan maintenance upgrades, to cost out fuel, to improve efficiency, to add green power to the mix, etc. Connecting these plants and control centers to each other provides a valuable service, it's just that utilities didn't know jack about securing them.

      To put it mildly, a generation plant can save $100,000 - $1,000,000 a year simply by sharing data with optimization consultants on a real-time basis. That's what we call "easy money". And in the absence of federal regulations, that's what they did. Now though, utilities are required to secure their network, most under the NERC CIP standards. Situations like TVA's are going to become very very common in the next few years, and then they are going to simply go away as utilities get the message that security means greater electric reliability.

      ~Sticky
      /I've spent the past 3 years of my life working in SCADA security, and plan several more.

    2. Re:Um - why? by bXTr · · Score: 3, Insightful

      You're right about unnecessary remote access. Even on a local network though, you don't let everybody on the network have access to the control systems. Most, if not all, the things mentioned in your quote apply to local networks, too.

      If I had my druthers, I would also pull out the floppy, CD and DVD drives and the USB and Firewire ports as well. Viruses, trojans and malware don't just come in over the Internet. I would also not have wi-fi. Just like with cell phones on airplanes, there may not be any chance of wi-fi interference with controls, but why take the chance if you don't have to?

      It seems like not enough people consider taking away or disabling things, not just adding things, to make their infrastructure more secure.

      --
      It's a very dark ride.
    3. Re:Um - why? by moosesocks · · Score: 2, Insightful

      There's a difference between "sharing data" and connecting your control systems to the outside world. I don't doubt that it's beneficial to release efficiency/monitoring data to a third party.

      However, data collection and retrieval should be on a completely separate network from the power plant's critical control systems. They're unrelated tasks; one requires strict reliability and security, while the other doesn't need to be any more secure than the typical business network.

      More to the point.... why the hell were those control systems taught to speak TCP/IP in the first place? Aren't there other industrial control protocols designed for this sort of thing that provide better redundancy, integrity, and security?

      --
      -- If you try to fail and succeed, which have you done? - Uli's moose
  2. Watch out for the inside guy. by onkelonkel · · Score: 3, Insightful

    I work in an industrial controls field that has a lot of technology in common with the big utilities like TVA. Very little of the remote control software has any sort of security on it. Some systems will have access passwords, but SCADA often has no security at all. An attacker wanting to disrupt services who was familiar with the SCADA equipment and protocols could cause all sorts of havoc by remote control. Imagine the hottest day of the year, power consumption is at its absolute peak, and somebody starts opening breakers, turning off compressors, sending in false failure alarms etc. Pick your time and place carefully and you get one of those cascading failure events and half the eastern seaboard has no lights. Repeat a week later. Maybe not as compelling as kamikaze jetliners, but not without its charms.

    --
    None of them can see the clouds; The polished wings don't care.
  3. FYI by geekoid · · Score: 2, Insightful

    Most companies would get an 'F'. Government organizations aren't alone in this, and it's in the best interest of the people who do security audits to find problems. They will take a tiny risk and blow it way out of proportion.

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect